﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Configuration;
using System.Net.Mail;
using System.Net;

namespace Hired
{
    public partial class recoveraccount2 : System.Web.UI.Page
    {
        object account = null;
        string accountType = "";

        protected void Page_Load(object sender, EventArgs e)
        {
            if (Session["account"] != null)
            {
                account = Session["account"];
                accountType = DBAccount.RetrieveAccountTypeByAccount(account);
                lblError.Text = "";
                if (accountType == "AdminStaffAccount")
                {
                    AdminStaffAccount asa = (AdminStaffAccount)account;
                    lblUsername.Text = asa.Username;
                    lblSecurityQuestion.Text = asa.SecurityQuestion;
                }
                else if (accountType == "EmployerPassport")
                {
                    EmployerPassport ep = (EmployerPassport)account;
                    lblUsername.Text = ep.Username;
                    lblSecurityQuestion.Text = ep.SecurityQuestion;
                }
                else if (accountType == "JobseekerAccount")
                {
                    JobseekerAccount ja = (JobseekerAccount)account;
                    lblUsername.Text = ja.Username;
                    lblSecurityQuestion.Text = ja.SecurityQuestion;
                }
                else if (accountType == "CompanyAccount")
                {
                    CompanyAccount ca = (CompanyAccount)account;
                    lblUsername.Text = ca.Username;
                    lblSecurityQuestion.Text = ca.SecurityQuestion;
                }

            }
            else
            {
                Response.Redirect("recoveraccount.aspx");
            }
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // verify security answer
            if (account != null)
            {
                string password = generatePassword();
                if (accountType == "AdminStaffAccount")
                {
                    AdminStaffAccount asa = (AdminStaffAccount)account;
                    if (txtSecurityAnswer.Text == asa.SecurityAnswer)
                    {
                        asa.Password = Encryption.md5Encrypt(password);
                        Send(asa.Username, password, asa.Email);
                        lblError.Text = "An e-mail has been sent to your e-mail account.";
                        pnlRecoverAccount.Visible = false;
                    }
                    else
                    {
                        lblError.Text = "You have entered an incorrect security answer.";
                    }
                }
                else if (accountType == "EmployerPassport")
                {
                    EmployerPassport ep = (EmployerPassport)account;
                    if (txtSecurityAnswer.Text == ep.SecurityAnswer)
                    {
                        ep.Password = Encryption.md5Encrypt(password);
                        Send(ep.Username, password, ep.Email);
                        lblError.Text = "An e-mail has been sent to your e-mail account.";
                        pnlRecoverAccount.Visible = false;
                    }
                    else
                    {
                        lblError.Text = "You have entered an incorrect security answer.";
                    }
                }
                else if (accountType == "JobseekerAccount")
                {
                    JobseekerAccount ja = (JobseekerAccount)account;
                    if (txtSecurityAnswer.Text == ja.SecurityAnswer)
                    {
                        ja.Password = Encryption.md5Encrypt(password);
                        DBJobseekerAccount.updateJobseekerAccount(ja);
                        Send(ja.Username, password, ja.Email);
                        lblError.Text = "An e-mail has been sent to your e-mail account.";
                        pnlRecoverAccount.Visible = false;
                    }
                    else
                    {
                        lblError.Text = "You have entered an incorrect security answer.";
                    }
                }
                else if (accountType == "CompanyAccount") {
                    CompanyAccount ca = (CompanyAccount)account;
                    if (txtSecurityAnswer.Text == ca.SecurityAnswer)
                    {
                        ca.Password = Encryption.md5Encrypt(password);
                        DBCompanyAccount.UpdateCompanyAccount(ca);
                        Send(ca.Username, password, ca.Email);
                        lblError.Text = "An e-mail has been sent to your e-mail account.";
                        pnlRecoverAccount.Visible = false;
                    }
                    else {
                        lblError.Text = "You have entered an incorrect security answer.";
                    }
                }
                // send e-mail to user
            }
            else
            {
                Response.Redirect("recoveraccount.aspx");
            }
        }

        protected string generatePassword()
        {
            Random r = new Random();
            string password = Path.GetRandomFileName();
            password = password.Substring(0,7) + r.Next(0,9);   // returns a random 8char string ending with a number
            return password;
        }

        protected void Send(string username, string userPassword, string email)
        {
            string from = ConfigurationManager.AppSettings["Username"];
            string server = ConfigurationManager.AppSettings["MailServer"];
            string password = ConfigurationManager.AppSettings["password"];

            MailMessage mail = new MailMessage(from, email);
            SmtpClient smtp = new SmtpClient(server, 587);
            NetworkCredential nc = new NetworkCredential(from, password);

            mail.Subject = "Request to recover account [" + username + "]";
            mail.Body = "Dear " + username + ",\n\n" +
                "A request was made to recover your account password.\n" +
                "Your new password: " + userPassword + "\n\n" +
                "If this request was not made by you, another person may be trying to access your account. You are advised to change your account credentials and security question/answer.";

            smtp.EnableSsl = true;
            smtp.UseDefaultCredentials = false;
            smtp.Credentials = nc;

            try
            {
                smtp.Send(mail);
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message, ex);
            }
        }
    }
}